While e-mail volumes in South Africa dropped by almost 10% over the festive season, spammers did not take a break.

The Synaq Spam Index for the last quarter of 2009 revealed that the ratio of spam to ‘clean’ emails increased to 94% in December, up from 93% in November and 92.7% in October.
The Synaq Spam Index tracks spam, virus and clean email traffic volumes in South Africa as monitored by the managed Linux services and Open Source solutions company.
Sam Gelbart, director: software services at Synaq, says while the ratio of spam to ‘clean’ mails tended to remain in the vicinity of 91 to 94% throughout 2009, a disconcerting trend is that a rapidly rising proportion of spam emails are phishing mails.
“We are being bombarded by phishing mails which are aimed at data and identify theft,” he says. “While the number of reported phishing scams in South Africa remains relatively small from a global perspective, there is no doubt that the incidence of this fraudulent practice is growing rapidly.”
What is particularly disconcerting about these is that although they appear to be local in content because they are usually specific to South African banks and other institutions, they originate from servers all over the world, particularly in countries like the US, Russia, South Korea, Canada, Mexico, Brazil, France, Germany, Poland, UK, Turkey and India.
“This indicates that international identity thieves are familiar with local businesses and business practices enabling them to set up counterfeit webpages that imitate the corporate image of well-known, trusted South African service providers,” he says.
According to Gelbart, combating phishing – and reducing the number of phishing e-mail that reach their addressees’ inboxes – requires constant vigilance. This involves utilising similar language-based technologies that identify regular spam message as spam, to identify phishing messages.
Another anti-phishing tactic is to maintain and constantly update a list of known phishing servers and sites and to block emails originating from those servers as well as those containing links to identified phishing sites.